cisco 640 802 ccna portable command guide 2008 phần 6 ppsx
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (175.55 KB, 24 trang )
Configuring OSPF: Optional Commands 95
Modifying Cost Metrics
Authentication: Simple
Router(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ss
ss
ee
ee
rr
rr
ii
ii
aa
aa
ll
ll
00
00
//
//
00
00
Changes the router to interface
configuration mode.
Router(config-if)#bb
bb
aa
aa
nn
nn
dd
dd
ww
ww
ii
ii
dd
dd
tt
tt
hh
hh
11
11
22
22
88
88
If you change the bandwidth, OSPF
recalculates the cost of the link.
Or
Router(config-if)#ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
cc
cc
oo
oo
ss
ss
tt
tt
11
11
55
55
66
66
44
44
Changes the cost to a value of 1564.
NOTE: The cost of a link is determined
by dividing the reference bandwidth by
the interface bandwidth.
The bandwidth of the interface is a
number between 1 and 10,000,000. The
unit of measurement is kilobits.
The cost is a number between 1 and
65,535. The cost has no unit of
measurement—it is just a number.
Router(config)#rr
rr
oo
oo
uu
uu
tt
tt
ee
ee
rr
rr
oo
oo
ss
ss
pp
pp
ff
ff
11
11
Starts OSPF process 1.
Router(config-router)#aa
aa
rr
rr
ee
ee
aa
aa
00
00
aa
aa
uu
uu
tt
tt
hh
hh
ee
ee
nn
nn
tt
tt
ii
ii
cc
cc
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
Enables simple authentication; password
will be sent in clear text.
Router(config-router)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to global configuration mode.
Router(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
00
00
Moves to interface configuration mode.
Router(config-if)#ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
aa
aa
uu
uu
tt
tt
hh
hh
ee
ee
nn
nn
tt
tt
ii
ii
cc
cc
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
kk
kk
ee
ee
yy
yy
ff
ff
rr
rr
ee
ee
dd
dd
Sets key (password) to fred.
NOTE: The password can be any
continuous string of characters that can
be entered from the keyboard, up to
8 bytes in length. To be able to exchange
OSPF information, all neighboring
routers on the same network must have
the same password.
96 Configuring OSPF: Optional Commands
Authentication: Using MD5 Encryption
Timers
Propagating a Default Route
Router(config)#rr
rr
oo
oo
uu
uu
tt
tt
ee
ee
rr
rr
oo
oo
ss
ss
pp
pp
ff
ff
11
11
Starts OSPF process 1.
Router(config-router)#aa
aa
rr
rr
ee
ee
aa
aa
00
00
aa
aa
uu
uu
tt
tt
hh
hh
ee
ee
nn
nn
tt
tt
ii
ii
cc
cc
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
mm
mm
ee
ee
ss
ss
ss
ss
aa
aa
gg
gg
ee
ee
dd
dd
ii
ii
gg
gg
ee
ee
ss
ss
tt
tt
Enables authentication with MD5
password encryption.
Router(config-router)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to global configuration mode.
Router(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
00
00
Moves to interface configuration mode.
Router(config-if)#ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
mm
mm
ee
ee
ss
ss
ss
ss
aa
aa
gg
gg
ee
ee
dd
dd
ii
ii
gg
gg
ee
ee
ss
ss
tt
tt
kk
kk
ee
ee
yy
yy
11
11
mm
mm
dd
dd
55
55
ff
ff
rr
rr
ee
ee
dd
dd
1 is the key-id. This value must be the
same as that of your neighboring router.
md5 indicates that the MD5 hash
algorithm will be used.
fred is the key (password) and must be
the same as that of your neighboring
router.
NOTE: If the service password-
encryption command is not used when
implementing OSPF MD5
authentication, the MD5 secret is
stored as plain text in NVRAM.
Router(config-if)#ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
hh
hh
ee
ee
ll
ll
ll
ll
oo
oo
ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
vv
vv
aa
aa
ll
ll
tt
tt
ii
ii
mm
mm
ee
ee
rr
rr
22
22
00
00
Changes the Hello Interval timer to
20 seconds.
Router(config-if)#ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
dd
dd
ee
ee
aa
aa
dd
dd
ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
vv
vv
aa
aa
ll
ll
88
88
00
00
Changes the Dead Interval timer to
80 seconds.
NOTE: Hello and Dead Interval timers
must match for routers to become
neighbors.
Router(config)#ii
ii
pp
pp
rr
rr
oo
oo
uu
uu
tt
tt
ee
ee
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
ss
ss
00
00
//
//
00
00
Creates a default route.
Router(config)#rr
rr
oo
oo
uu
uu
tt
tt
ee
ee
rr
rr
oo
oo
ss
ss
pp
pp
ff
ff
11
11
Starts OSPF process 1.
Router(config-router)#dd
dd
ee
ee
ff
ff
aa
aa
uu
uu
ll
ll
tt
tt
ii
ii
nn
nn
ff
ff
oo
oo
rr
rr
mm
mm
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
oo
oo
rr
rr
ii
ii
gg
gg
ii
ii
nn
nn
aa
aa
tt
tt
ee
ee
Sets the default route to be propagated to
all OSPF routers.
Verifying OSPF Configuration 97
Verifying OSPF Configuration
Router(config-router)#dd
dd
ee
ee
ff
ff
aa
aa
uu
uu
ll
ll
tt
tt
ii
ii
nn
nn
ff
ff
oo
oo
rr
rr
mm
mm
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
oo
oo
rr
rr
ii
ii
gg
gg
ii
ii
nn
nn
aa
aa
tt
tt
ee
ee
aa
aa
ll
ll
ww
ww
aa
aa
yy
yy
ss
ss
The always option propagates a default
“quad-zero” route even if one is not
configured on this router.
NOTE: The default-information
originate command or the default-
information originate always command
is usually only to be configured on your
“entrance” or “gateway” router, the
router that connects your network to the
outside world—the Autonomous System
Boundary Router (ASBR).
Router#ss
ss
hh
hh
oo
oo
ww
ww
ii
ii
pp
pp
pp
pp
rr
rr
oo
oo
tt
tt
oo
oo
cc
cc
oo
oo
ll
ll
Displays parameters for all protocols
running on the router
Router#ss
ss
hh
hh
oo
oo
ww
ww
ii
ii
pp
pp
rr
rr
oo
oo
uu
uu
tt
tt
ee
ee
Displays a complete IP routing table
Router#ss
ss
hh
hh
oo
oo
ww
ww
ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
Displays basic information about OSPF
routing processes
Router#ss
ss
hh
hh
oo
oo
ww
ww
ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
Displays OSPF info as it relates to all
interfaces
Router#ss
ss
hh
hh
oo
oo
ww
ww
ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
00
00
Displays OSPF information for interface
fastethernet 0/0
Router#ss
ss
hh
hh
oo
oo
ww
ww
ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
bb
bb
oo
oo
rr
rr
dd
dd
ee
ee
rr
rr
rr
rr
oo
oo
uu
uu
tt
tt
ee
ee
rr
rr
ss
ss
Displays border and boundary router
information
Router#ss
ss
hh
hh
oo
oo
ww
ww
ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
nn
nn
ee
ee
ii
ii
gg
gg
hh
hh
bb
bb
oo
oo
rr
rr
Lists all OSPF neighbors and their states
Router#ss
ss
hh
hh
oo
oo
ww
ww
ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
nn
nn
ee
ee
ii
ii
gg
gg
hh
hh
bb
bb
oo
oo
rr
rr
dd
dd
ee
ee
tt
tt
aa
aa
ii
ii
ll
ll
Displays a detailed list of neighbors
Router#ss
ss
hh
hh
oo
oo
ww
ww
ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
dd
dd
aa
aa
tt
tt
aa
aa
bb
bb
aa
aa
ss
ss
ee
ee
Displays contents of the OSPF database
Router#ss
ss
hh
hh
oo
oo
ww
ww
ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
dd
dd
aa
aa
tt
tt
aa
aa
bb
bb
aa
aa
ss
ss
ee
ee
nn
nn
ss
ss
ss
ss
aa
aa
ee
ee
xx
xx
tt
tt
ee
ee
rr
rr
nn
nn
aa
aa
ll
ll
Displays NSSA external link states
98 Configuration Example: Single Area OSPF
Troubleshooting OSPF
Configuration Example: Single Area OSPF
Figure 10-1 illustrates the network topology for the configuration that follows, which shows
how to configure Single Area OSPF using commands covered in this chapter.
Figure 10-9 Network Topology for Single Area OSPF Configuration
Router#cc
cc
ll
ll
ee
ee
aa
aa
rr
rr
ii
ii
pp
pp
rr
rr
oo
oo
uu
uu
tt
tt
ee
ee
**
**
Clears entire routing table, forcing it to
rebuild
Router#cc
cc
ll
ll
ee
ee
aa
aa
rr
rr
ii
ii
pp
pp
rr
rr
oo
oo
uu
uu
tt
tt
ee
ee
aa
aa
bb
bb
cc
cc
dd
dd
Clears specific route to network a.b.c.d
Router#cc
cc
ll
ll
ee
ee
aa
aa
rr
rr
ii
ii
pp
pp
oo
oo
pp
pp
ss
ss
ff
ff
cc
cc
oo
oo
uu
uu
nn
nn
tt
tt
ee
ee
rr
rr
ss
ss
Resets OSPF counters
Router#cc
cc
ll
ll
ee
ee
aa
aa
rr
rr
ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
pp
pp
rr
rr
oo
oo
cc
cc
ee
ee
ss
ss
ss
ss
Resets entire OSPF process, forcing
OSPF to re-create neighbors, database,
and routing table
Router#dd
dd
ee
ee
bb
bb
uu
uu
gg
gg
ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
ee
ee
vv
vv
ee
ee
nn
nn
tt
tt
ss
ss
Displays all OSPF events
Router#dd
dd
ee
ee
bb
bb
uu
uu
gg
gg
ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
aa
aa
dd
dd
jj
jj
aa
aa
cc
cc
ee
ee
nn
nn
cc
cc
yy
yy
Displays various OSPF states and DR/
BDR election between adjacent routers
Router#dd
dd
ee
ee
bb
bb
uu
uu
gg
gg
ii
ii
pp
pp
oo
oo
ss
ss
pp
pp
ff
ff
pp
pp
aa
aa
cc
cc
kk
kk
ee
ee
tt
tt
ss
ss
Displays OPSF packets
172.16.10.10 172.16.30.30 172.16.50.50
s0/0
172.16.40.1
s0/0
172.16.20.1
Network
172.16.20.0/30
DCEDCE
s0/1
172.16.40.2
s0/1
172.16.20.2
Network
172.16.40.0/30
Network
172.16.50.0/24
Network
172.16.10.0/24
Network
172.16.30.0/24
fa0/0
172.16.10.1
fa0/0
172.16.30.1
fa0/0
172.16.50.1
GalvestonHouston
Austin
Configuration Example: Single Area OSPF 99
Austin Router
Router>ee
ee
nn
nn
aa
aa
bb
bb
ll
ll
ee
ee
Moves to privileged mode.
Router#cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
uu
uu
rr
rr
ee
ee
tt
tt
ee
ee
rr
rr
mm
mm
ii
ii
nn
nn
aa
aa
ll
ll
Moves to global configuration mode.
Router(config)#hh
hh
oo
oo
ss
ss
tt
tt
nn
nn
aa
aa
mm
mm
ee
ee
AA
AA
uu
uu
ss
ss
tt
tt
ii
ii
nn
nn
Sets the host name.
Austin(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
00
00
Moves to interface configuration mode.
Austin(config-if)#ii
ii
pp
pp
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
11
11
77
77
22
22
11
11
66
66
11
11
00
00
11
11
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
55
55
00
00
Assigns an IP address and netmask.
Austin(config-if)#nn
nn
oo
oo
ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Enables the interface.
Austin(config-if)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ss
ss
ee
ee
rr
rr
ii
ii
aa
aa
ll
ll
00
00
//
//
00
00
Moves to interface configuration mode.
Austin(config-if)#ii
ii
pp
pp
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
11
11
77
77
22
22
11
11
66
66
22
22
00
00
11
11
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
22
22
Assigns an IP address and netmask.
Austin(config-if)#cc
cc
ll
ll
oo
oo
cc
cc
kk
kk
rr
rr
aa
aa
tt
tt
ee
ee
55
55
66
66
00
00
00
00
00
00
DCE cable plugged in this side.
Austin(config-if)#nn
nn
oo
oo
ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Enables the interface.
Austin(config-if)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to global configuration mode.
Austin(config)#rr
rr
oo
oo
uu
uu
tt
tt
ee
ee
rr
rr
oo
oo
ss
ss
pp
pp
ff
ff
11
11
Starts OSPF process 1.
Austin(config-router)#nn
nn
ee
ee
tt
tt
ww
ww
oo
oo
rr
rr
kk
kk
11
11
77
77
22
22
11
11
66
66
11
11
00
00
00
00
00
00
00
00
00
00
22
22
55
55
55
55
aa
aa
rr
rr
ee
ee
aa
aa
00
00
Any interface with an address of
172.16.10.x is to be put into area 0.
Austin(config-router)#nn
nn
ee
ee
tt
tt
ww
ww
oo
oo
rr
rr
kk
kk
11
11
77
77
22
22
11
11
66
66
22
22
00
00
00
00
00
00
00
00
00
00
22
22
55
55
55
55
aa
aa
rr
rr
ee
ee
aa
aa
00
00
Any interface with an address of
172.16.20.x is to be put into area 0.
Austin(config-router)#<<
<<
cc
cc
tt
tt
rr
rr
ll
ll
>>
>>
zz
zz
Returns to privileged mode.
Austin#cc
cc
oo
oo
pp
pp
yy
yy
rr
rr
uu
uu
nn
nn
nn
nn
ii
ii
nn
nn
gg
gg
cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
ss
ss
tt
tt
aa
aa
rr
rr
tt
tt
uu
uu
pp
pp
cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
Saves the configuration to NVRAM.
100 Configuration Example: Single Area OSPF
Houston Router
Router>ee
ee
nn
nn
aa
aa
bb
bb
ll
ll
ee
ee
Moves to privileged mode.
Router#cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
uu
uu
rr
rr
ee
ee
tt
tt
ee
ee
rr
rr
mm
mm
ii
ii
nn
nn
aa
aa
ll
ll
Moves to global configuration mode.
Router(config)#hh
hh
oo
oo
ss
ss
tt
tt
nn
nn
aa
aa
mm
mm
ee
ee
HH
HH
oo
oo
uu
uu
ss
ss
tt
tt
oo
oo
nn
nn
Sets the host name.
Houston(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
00
00
Moves to interface configuration mode.
Houston(config-if)#ii
ii
pp
pp
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
11
11
77
77
22
22
11
11
66
66
33
33
00
00
11
11
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
55
55
00
00
Assigns an IP address and netmask.
Houston(config-if)#nn
nn
oo
oo
ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Enables the interface.
Houston(config-if)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ss
ss
ee
ee
rr
rr
ii
ii
aa
aa
ll
ll
00
00
//
//
00
00
Moves to interface configuration mode.
Houston(config-if)#ii
ii
pp
pp
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
11
11
77
77
22
22
11
11
66
66
44
44
00
00
11
11
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
22
22
Assigns an IP address and netmask.
Houston(config-if)#cc
cc
ll
ll
oo
oo
cc
cc
kk
kk
rr
rr
aa
aa
tt
tt
ee
ee
55
55
66
66
00
00
00
00
00
00
DCE cable plugged in this side.
Houston(config-if)#nn
nn
oo
oo
ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Enables the interface.
Houston(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ss
ss
ee
ee
rr
rr
ii
ii
aa
aa
ll
ll
00
00
//
//
11
11
Moves to interface configuration mode.
Houston(config-if)#ii
ii
pp
pp
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
11
11
77
77
22
22
11
11
66
66
22
22
00
00
22
22
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
22
22
Assigns an IP address and netmask.
Houston(config-if)#nn
nn
oo
oo
ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Enables the interface.
Houston(config-if)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to global configuration mode.
Houston(config)#rr
rr
oo
oo
uu
uu
tt
tt
ee
ee
rr
rr
oo
oo
ss
ss
pp
pp
ff
ff
11
11
Starts OSPF process 1.
Houston(config-router)#nn
nn
ee
ee
tt
tt
ww
ww
oo
oo
rr
rr
kk
kk
11
11
77
77
22
22
11
11
66
66
00
00
00
00
00
00
00
00
22
22
55
55
55
55
22
22
55
55
55
55
aa
aa
rr
rr
ee
ee
aa
aa
00
00
Any interface with an address of
172.16.x.x is to be put into area 0.
One statement will now advertise all
three interfaces.
Houston(config-router)#<<
<<
cc
cc
tt
tt
rr
rr
ll
ll
>>
>>
zz
zz
Returns to privileged mode.
Houston#cc
cc
oo
oo
pp
pp
yy
yy
rr
rr
uu
uu
nn
nn
nn
nn
ii
ii
nn
nn
gg
gg
cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
ss
ss
tt
tt
aa
aa
rr
rr
tt
tt
uu
uu
pp
pp
cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
Saves the configuration to NVRAM.
Configuration Example: Single Area OSPF 101
Galveston Router
Router>ee
ee
nn
nn
aa
aa
bb
bb
ll
ll
ee
ee
Moves to privileged mode.
Router#cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
uu
uu
rr
rr
ee
ee
tt
tt
ee
ee
rr
rr
mm
mm
ii
ii
nn
nn
aa
aa
ll
ll
Moves to global configuration mode.
Router(config)#hh
hh
oo
oo
ss
ss
tt
tt
nn
nn
aa
aa
mm
mm
ee
ee
GG
GG
aa
aa
ll
ll
vv
vv
ee
ee
ss
ss
tt
tt
oo
oo
nn
nn
Sets the host name.
Galveston(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
00
00
Moves to interface configuration mode.
Galveston(config-if)#ii
ii
pp
pp
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
11
11
77
77
22
22
11
11
66
66
55
55
00
00
11
11
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
55
55
00
00
Assigns an IP address and netmask.
Galveston(config-if)#nn
nn
oo
oo
ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Enables the interface.
Galveston(config-if)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ss
ss
ee
ee
rr
rr
ii
ii
aa
aa
ll
ll
00
00
//
//
11
11
Moves to interface configuration mode.
Galveston(config-if)#ii
ii
pp
pp
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
11
11
77
77
22
22
11
11
66
66
44
44
00
00
22
22
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
22
22
Assigns an IP address and netmask.
Galveston(config-if)#nn
nn
oo
oo
ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Enables the interface.
Galveston(config-if)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to global configuration mode.
Galveston(config)#rr
rr
oo
oo
uu
uu
tt
tt
ee
ee
rr
rr
oo
oo
ss
ss
pp
pp
ff
ff
11
11
Starts OSPF process 1.
Galveston(config-router)#nn
nn
ee
ee
tt
tt
ww
ww
oo
oo
rr
rr
kk
kk
11
11
77
77
22
22
11
11
66
66
44
44
00
00
22
22
00
00
00
00
00
00
00
00
aa
aa
rr
rr
ee
ee
aa
aa
00
00
Any interface with an exact address of
172.16.40.2 is to be put into area 0. This
is the most precise way to place an
exact address into the OSPF routing
process.
Galveston(config-router)#nn
nn
ee
ee
tt
tt
ww
ww
oo
oo
rr
rr
kk
kk
11
11
77
77
22
22
11
11
66
66
55
55
00
00
11
11
00
00
00
00
00
00
00
00
aa
aa
rr
rr
ee
ee
aa
aa
00
00
Any interface with an exact address of
172.16.50.2 is to be put into area 0.
Galveston(config-router)#<<
<<
cc
cc
tt
tt
rr
rr
ll
ll
>>
>>
zz
zz
Returns to privileged mode.
Galveston#cc
cc
oo
oo
pp
pp
yy
yy
rr
rr
uu
uu
nn
nn
nn
nn
ii
ii
nn
nn
gg
gg
cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
ss
ss
tt
tt
aa
aa
rr
rr
tt
tt
uu
uu
pp
pp
cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
Saves the configuration to NVRAM.
This page intentionally left blank
PART V
Switching
Chapter 11 Configuring a Switch
Chapter 12 VLANs
Chapter 13 VLAN Trunking Protocol and Inter-VLAN Routing
Chapter 14 STP and EtherChannel
This page intentionally left blank
CHAPTER 11
Configuring a Switch
This chapter provides information and commands concerning the following topics:
• Help commands
• Command modes
• Verifying commands
• Resetting switch configuration
• Setting host names
• Setting passwords
• Setting IP addresses and default gateways
• Setting interface descriptions
• Setting duplex operation
• Setting operation speed
• Managing the MAC address table
• Configuring static MAC addresses
• Switch port security
• Verifying switch port security
• Sticky MAC addresses
• Configuration example
Help Commands
Command Modes
switch>??
??
The ? works here the same as
in a router.
switch>ee
ee
nn
nn
aa
aa
bb
bb
ll
ll
ee
ee
User mode, same as a router
switch#
Privileged mode
switch#dd
dd
ii
ii
ss
ss
aa
aa
bb
bb
ll
ll
ee
ee
Leaves privileged mode
switch>ee
ee
xx
xx
ii
ii
tt
tt
Leaves user mode
106 Verifying Commands
Verifying Commands
switch#ss
ss
hh
hh
oo
oo
ww
ww
vv
vv
ee
ee
rr
rr
ss
ss
ii
ii
oo
oo
nn
nn
Displays information about
software and hardware.
switch#ss
ss
hh
hh
oo
oo
ww
ww
ff
ff
ll
ll
aa
aa
ss
ss
hh
hh
::
::
Displays information about
flash memory (for the 2900/
2950 series only).
switch#ss
ss
hh
hh
oo
oo
ww
ww
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
tt
tt
aa
aa
bb
bb
ll
ll
ee
ee
Displays the current MAC
address forwarding table.
switch#ss
ss
hh
hh
oo
oo
ww
ww
cc
cc
oo
oo
nn
nn
tt
tt
rr
rr
oo
oo
ll
ll
ll
ll
ee
ee
rr
rr
ss
ss
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
cc
cc
oo
oo
nn
nn
tt
tt
rr
rr
oo
oo
ll
ll
ll
ll
ee
ee
rr
rr
Displays information about
the Ethernet controller.
switch#ss
ss
hh
hh
oo
oo
ww
ww
rr
rr
uu
uu
nn
nn
nn
nn
ii
ii
nn
nn
gg
gg
cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
Displays the current
configuration in DRAM.
switch#ss
ss
hh
hh
oo
oo
ww
ww
ss
ss
tt
tt
aa
aa
rr
rr
tt
tt
uu
uu
pp
pp
cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
Displays the current
configuration in NVRAM.
switch#ss
ss
hh
hh
oo
oo
ww
ww
pp
pp
oo
oo
ss
ss
tt
tt
Displays whether the switch
passed POST.
switch#ss
ss
hh
hh
oo
oo
ww
ww
vv
vv
ll
ll
aa
aa
nn
nn
Displays the current VLAN
configuration.
switch#ss
ss
hh
hh
oo
oo
ww
ww
ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ss
ss
Displays the interface
configuration and status of
line: up/up, up/down, admin
down.
NOTE: This command is
unsupported in some Cisco
IOS Software releases, such
as 12.2(25)FX.
switch#ss
ss
hh
hh
oo
oo
ww
ww
ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
vv
vv
ll
ll
aa
aa
nn
nn
11
11
Displays setting of virtual
interface VLAN 1, the
default VLAN on the switch.
NOTE: This command is
unsupported in some Cisco
IOS Software releases, such
as 12.2(25)FX.
Setting Passwords 107
Resetting Switch Configuration
Setting Host Names
Setting Passwords
Setting passwords for the 2960 series switches is the same method as used for a router.
Switch#dd
dd
ee
ee
ll
ll
ee
ee
tt
tt
ee
ee
ff
ff
ll
ll
aa
aa
ss
ss
hh
hh
::
::
vv
vv
ll
ll
aa
aa
nn
nn
dd
dd
aa
aa
tt
tt
Removes the VLAN database
from flash memory.
Delete filename [vlan.dat]?
Press ®.
Delete flash:vlan.dat? [confirm]
Reconfirm by pressing
®.
Switch#ee
ee
rr
rr
aa
aa
ss
ss
ee
ee
ss
ss
tt
tt
aa
aa
rr
rr
tt
tt
uu
uu
pp
pp
cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
Erases the file from NVRAM.
<output omitted>
Switch#rr
rr
ee
ee
ll
ll
oo
oo
aa
aa
dd
dd
Restarts the switch.
Switch#cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
uu
uu
rr
rr
ee
ee
tt
tt
ee
ee
rr
rr
mm
mm
ii
ii
nn
nn
aa
aa
ll
ll
Moves to global configuration
mode.
Switch(config)#hh
hh
oo
oo
ss
ss
tt
tt
nn
nn
aa
aa
mm
mm
ee
ee
22
22
99
99
66
66
00
00
SS
SS
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
Creates a locally significant
host name of the switch. This
is the same command as the
router.
2960Switch(config)#
2960Switch(config)#ee
ee
nn
nn
aa
aa
bb
bb
ll
ll
ee
ee
pp
pp
aa
aa
ss
ss
ss
ss
ww
ww
oo
oo
rr
rr
dd
dd
cc
cc
ii
ii
ss
ss
cc
cc
oo
oo
Sets the enable password to
cisco
2960Switch(config)#ee
ee
nn
nn
aa
aa
bb
bb
ll
ll
ee
ee
ss
ss
ee
ee
cc
cc
rr
rr
ee
ee
tt
tt
cc
cc
ll
ll
aa
aa
ss
ss
ss
ss
Sets the encrypted secret
password to class
2960Switch(config)#ll
ll
ii
ii
nn
nn
ee
ee
cc
cc
oo
oo
nn
nn
ss
ss
oo
oo
ll
ll
ee
ee
00
00
Enters line console mode
2960Switch(config-line)#ll
ll
oo
oo
gg
gg
ii
ii
nn
nn
Enables password checking
2960Switch(config-line)#pp
pp
aa
aa
ss
ss
ss
ss
ww
ww
oo
oo
rr
rr
dd
dd
cc
cc
ii
ii
ss
ss
cc
cc
oo
oo
Sets the password to cisco
2960Switch(config-line)#ee
ee
xx
xx
ii
ii
tt
tt
Exits line console mode
2960Switch(config-line)#ll
ll
ii
ii
nn
nn
ee
ee
aa
aa
uu
uu
xx
xx
00
00
Enters line auxiliary mode
108 Setting Interface Descriptions
Setting IP Addresses and Default Gateways
TIP: For the 2960 series switches, the IP address of the switch is just that—the IP
address for the entire switch. That is why you set the address in VLAN 1 (the
default VLAN of the switch) and not in a specific Ethernet interface.
Setting Interface Descriptions
TIP: The 2960 series switches have either 12 or 24 Fast Ethernet ports named
fa0/1, fa0/2, fa0/24—there is no fastethernet 0/0.
2960Switch(config-line)#ll
ll
oo
oo
gg
gg
ii
ii
nn
nn
Enables password checking
2960Switch(config-line)#pp
pp
aa
aa
ss
ss
ss
ss
ww
ww
oo
oo
rr
rr
dd
dd
cc
cc
ii
ii
ss
ss
cc
cc
oo
oo
Sets the password to cisco
2960Switch(config-line)#ee
ee
xx
xx
ii
ii
tt
tt
Exits line auxiliary mode
2960Switch(config-line)#ll
ll
ii
ii
nn
nn
ee
ee
vv
vv
tt
tt
yy
yy
00
00
44
44
Enters line vty mode for all
five virtual ports
2960Switch(config-line)#ll
ll
oo
oo
gg
gg
ii
ii
nn
nn
Enables password checking
2960Switch(config-line)#pp
pp
aa
aa
ss
ss
ss
ss
ww
ww
oo
oo
rr
rr
dd
dd
cc
cc
ii
ii
ss
ss
cc
cc
oo
oo
Sets the password to cisco
2960Switch(config-line)#ee
ee
xx
xx
ii
ii
tt
tt
Exits line vty mode
2960Switch(config)#
2960Switch(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
vv
vv
ll
ll
aa
aa
nn
nn
11
11
Enters the virtual interface
for VLAN 1, the default
VLAN on the switch
2960Switch(config-if)#ii
ii
pp
pp
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
11
11
77
77
22
22
11
11
66
66
11
11
00
00
22
22
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
55
55
00
00
Sets the IP address and
netmask to allow for remote
access to the switch
2960Switch(config-if)#ee
ee
xx
xx
ii
ii
tt
tt
2960Switch(config)#ii
ii
pp
pp
dd
dd
ee
ee
ff
ff
aa
aa
uu
uu
ll
ll
tt
tt
gg
gg
aa
aa
tt
tt
ee
ee
ww
ww
aa
aa
yy
yy
11
11
77
77
22
22
11
11
66
66
11
11
00
00
11
11
Allows IP information an
exit past the local network
2960Switch(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
11
11
Enters interface
configuration mode
2960Switch(config-if)#dd
dd
ee
ee
ss
ss
cc
cc
rr
rr
ii
ii
pp
pp
tt
tt
ii
ii
oo
oo
nn
nn
FF
FF
ii
ii
nn
nn
aa
aa
nn
nn
cc
cc
ee
ee
VV
VV
LL
LL
AA
AA
NN
NN
Adds a description of the
interface
Configuring Static MAC Addresses 109
Setting Duplex Operation
Setting Operation Speed
Managing the MAC Address Table
Configuring Static MAC Addresses
2960Switch2960Switch(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
11
11
Moves to interface
configuration mode
2960Switch(config-if)#dd
dd
uu
uu
pp
pp
ll
ll
ee
ee
xx
xx
ff
ff
uu
uu
ll
ll
ll
ll
Forces full-duplex
operation
2960Switch(config-if)#dd
dd
uu
uu
pp
pp
ll
ll
ee
ee
xx
xx
aa
aa
uu
uu
tt
tt
oo
oo
Enables auto-duplex config
2960Switch(config-if)#dd
dd
uu
uu
pp
pp
ll
ll
ee
ee
xx
xx
hh
hh
aa
aa
ll
ll
ff
ff
Forces half-duplex operation
2960Switch(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
11
11
2960Switch(config-if)#ss
ss
pp
pp
ee
ee
ee
ee
dd
dd
11
11
00
00
Forces 10-Mbps operation
2960Switch(config-if)#ss
ss
pp
pp
ee
ee
ee
ee
dd
dd
11
11
00
00
00
00
Forces 100-Mbps operation
2960Switch(config-if)#ss
ss
pp
pp
ee
ee
ee
ee
dd
dd
aa
aa
uu
uu
tt
tt
oo
oo
Enables autospeed
configuration
switch#ss
ss
hh
hh
oo
oo
ww
ww
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
tt
tt
aa
aa
bb
bb
ll
ll
ee
ee
Displays current MAC
address forwarding table
switch#cc
cc
ll
ll
ee
ee
aa
aa
rr
rr
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
tt
tt
aa
aa
bb
bb
ll
ll
ee
ee
Deletes all entries from
current MAC address
forwarding table
switch#cc
cc
ll
ll
ee
ee
aa
aa
rr
rr
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
tt
tt
aa
aa
bb
bb
ll
ll
ee
ee
dd
dd
yy
yy
nn
nn
aa
aa
mm
mm
ii
ii
cc
cc
Deletes only dynamic
entries from table
2960Switch(config)#mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
tt
tt
aa
aa
bb
bb
ll
ll
ee
ee
ss
ss
tt
tt
aa
aa
tt
tt
ii
ii
cc
cc
aaaa
.
aaaa
.
aaaa
vv
vv
ll
ll
aa
aa
nn
nn
11
11
ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
11
11
Sets a permanent address to
port fastethernet 0/1 in
VLAN 1
110 Switch Port Security
Switch Port Security
2960Switch(config)#nn
nn
oo
oo
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
tt
tt
aa
aa
bb
bb
ll
ll
ee
ee
ss
ss
tt
tt
aa
aa
tt
tt
ii
ii
cc
cc
aaaa
.
aaaa
.
aaaa
vv
vv
ll
ll
aa
aa
nn
nn
11
11
ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
11
11
Removes the permanent
address to port fastethernet
0/1 in VLAN 1
Switch(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
11
11
Moves to interface
configuration mode.
Switch(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
Enables port security on the
interface.
Switch(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
mm
mm
aa
aa
xx
xx
ii
ii
mm
mm
uu
uu
mm
mm
44
44
Sets a maximum limit of
four MAC addresses that
will be allowed on this port.
NOTE: The maximum
number of secure MAC
addresses that you can
configure on a switch is set
by the maximum number of
available MAC addresses
allowed in the system.
Switch(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
11
11
22
22
33
33
44
44
55
55
66
66
77
77
88
88
99
99
00
00
aa
aa
bb
bb
Sets a specific secure MAC
address 1234.5678.90ab.
You can add additional
secure MAC addresses up to
the maximum value
configured.
Switch(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
vv
vv
ii
ii
oo
oo
ll
ll
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Configures port security to
shut down the interface if a
security violation occurs.
NOTE: In shutdown mode,
the port is errdisabled, a log
entry is made, and manual
intervention or errdisable
recovery must be used to
reenable the interface.
Switch(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
vv
vv
ii
ii
oo
oo
ll
ll
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
rr
rr
ee
ee
ss
ss
tt
tt
rr
rr
ii
ii
cc
cc
tt
tt
Configures port security to
restrict mode if a security
violation occurs.
Verifying Switch Port Security 111
Verifying Switch Port Security
NOTE: In restrict mode,
frames from a nonallowed
address are dropped, and
a log entry is made. The
interface remains
operational.
Switch(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
vv
vv
ii
ii
oo
oo
ll
ll
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
pp
pp
rr
rr
oo
oo
tt
tt
ee
ee
cc
cc
tt
tt
Configures port security to
protect mode if a security
violation occurs.
NOTE: In protect mode,
frames from a nonallowed
address are dropped, but no
log entry is made. The
interface remains
operational.
Switch#ss
ss
hh
hh
oo
oo
ww
ww
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
Displays security
information for all
interfaces
Switch#ss
ss
hh
hh
oo
oo
ww
ww
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
55
55
Displays security
information for interface
fastethernet 0/5
Switch#ss
ss
hh
hh
oo
oo
ww
ww
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
Displays MAC address
table security information
Switch#ss
ss
hh
hh
oo
oo
ww
ww
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
tt
tt
aa
aa
bb
bb
ll
ll
ee
ee
Displays the MAC address
table
Switch#cc
cc
ll
ll
ee
ee
aa
aa
rr
rr
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
tt
tt
aa
aa
bb
bb
ll
ll
ee
ee
dd
dd
yy
yy
nn
nn
aa
aa
mm
mm
ii
ii
cc
cc
Deletes all dynamic MAC
addresses
Switch#cc
cc
ll
ll
ee
ee
aa
aa
rr
rr
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
tt
tt
aa
aa
bb
bb
ll
ll
ee
ee
dd
dd
yy
yy
nn
nn
aa
aa
mm
mm
ii
ii
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
aaaa
.
bbbb
.
cccc
Deletes the specified
dynamic MAC address
Switch#cc
cc
ll
ll
ee
ee
aa
aa
rr
rr
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
tt
tt
aa
aa
bb
bb
ll
ll
ee
ee
dd
dd
yy
yy
nn
nn
aa
aa
mm
mm
ii
ii
cc
cc
ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
55
55
Deletes all dynamic MAC
addresses on interface
fastethernet 0/5
Switch#cc
cc
ll
ll
ee
ee
aa
aa
rr
rr
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
tt
tt
aa
aa
bb
bb
ll
ll
ee
ee
dd
dd
yy
yy
nn
nn
aa
aa
mm
mm
ii
ii
cc
cc
vv
vv
ll
ll
aa
aa
nn
nn
11
11
00
00
Deletes all dynamic MAC
addresses on VLAN 10
112 Sticky MAC Addresses
Sticky MAC Addresses
Sticky MAC addresses are a feature of port security. Sticky MAC addresses limit switch
port access to a specific MAC address that can be dynamically learned, as opposed to a
network administrator manually associating a MAC address with a specific switch port.
These addresses are stored in the running configuration file. If this file is saved, the sticky
MAC addresses do not have to be relearned when the switch is rebooted, and thus provide
a high level of switch port security.
Switch#cc
cc
ll
ll
ee
ee
aa
aa
rr
rr
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
tt
tt
aa
aa
bb
bb
ll
ll
ee
ee
nn
nn
oo
oo
tt
tt
ii
ii
ff
ff
ii
ii
cc
cc
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
Clears MAC notification
global counters
NOTE: Beginning with
Cisco IOS Software Release
12.1(11)EA1, the clear mac
address-table command
(no hyphen in mac address)
replaces the clear mac-
address-table command
(with the hyphen in mac-
address). The clear mac-
address-table static
command (with the hyphen
in mac-address) will
become obsolete in a future
release.
Switch(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
55
55
Moves to interface
configuration mode.
Switch(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
ss
ss
tt
tt
ii
ii
cc
cc
kk
kk
yy
yy
Converts all dynamic port
security learned MAC
addresses to sticky secure
MAC addresses.
Switch(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
mm
mm
aa
aa
cc
cc
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
ss
ss
tt
tt
ii
ii
cc
cc
kk
kk
yy
yy
vv
vv
ll
ll
aa
aa
nn
nn
11
11
00
00
vv
vv
oo
oo
ii
ii
cc
cc
ee
ee
Converts all dynamic port
security learned MAC
addresses to sticky secure
MAC addresses on voice
VLAN 10.
NOTE: The voice
keyword is available only
if a voice VLAN is first
configured on a port and if
that port is not the access
VLAN.
Configuration Example 113
Configuration Example
Figure 11-1 shows the network topology for the basic configuration of a 2960 series switch
using commands covered in this chapter.
Figure 11-1 Network Topology for 2960 Series Switch Configuration
switch>ee
ee
nn
nn
aa
aa
bb
bb
ll
ll
ee
ee
Enters privileged mode.
switch#cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
uu
uu
rr
rr
ee
ee
tt
tt
ee
ee
rr
rr
mm
mm
ii
ii
nn
nn
aa
aa
ll
ll
Enters global configuration
mode.
switch(config)#nn
nn
oo
oo
ii
ii
pp
pp
dd
dd
oo
oo
mm
mm
aa
aa
ii
ii
nn
nn
ll
ll
oo
oo
oo
oo
kk
kk
uu
uu
pp
pp
Turns off Domain Name
System (DNS) queries so
that spelling mistakes do not
slow you down.
switch(config)#hh
hh
oo
oo
ss
ss
tt
tt
nn
nn
aa
aa
mm
mm
ee
ee
22
22
99
99
66
66
00
00
Sets the host name.
2960(config)#ee
ee
nn
nn
aa
aa
bb
bb
ll
ll
ee
ee
ss
ss
ee
ee
cc
cc
rr
rr
ee
ee
tt
tt
cc
cc
ii
ii
ss
ss
cc
cc
oo
oo
Sets the encrypted secret
password to cisco.
2960(config)#ll
ll
ii
ii
nn
nn
ee
ee
cc
cc
oo
oo
nn
nn
ss
ss
oo
oo
ll
ll
ee
ee
00
00
Enters line console mode.
2960(config-line)#ll
ll
oo
oo
gg
gg
gg
gg
ii
ii
nn
nn
gg
gg
ss
ss
yy
yy
nn
nn
cc
cc
hh
hh
rr
rr
oo
oo
nn
nn
oo
oo
uu
uu
ss
ss
Appends commands to a
new line; router information
will not interrupt.
Workstation B
192.168.1.11
Network 192.168.1.0/24
Workstation A
192.168.1.10
192.168.1.1Fa0/0
192.168.1.2
Fa0/1
2960Switch
Bismarck
Fa0/8Fa0/4
114 Configuration Example
2960(config-line)#ll
ll
oo
oo
gg
gg
ii
ii
nn
nn
User must log in to console
before use.
2960(config-line)#pp
pp
aa
aa
ss
ss
ss
ss
ww
ww
oo
oo
rr
rr
dd
dd
ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
Sets the password to switch.
2960(config-line)#ee
ee
xx
xx
ee
ee
cc
cc
tt
tt
ii
ii
mm
mm
ee
ee
oo
oo
uu
uu
tt
tt
00
00
00
00
Console will never log out.
2960(config-line)#ee
ee
xx
xx
ii
ii
tt
tt
Moves back to global
configuration mode.
2960(config)#ll
ll
ii
ii
nn
nn
ee
ee
aa
aa
uu
uu
xx
xx
00
00
Moves to line auxiliary
mode.
2960(config-line)#ll
ll
oo
oo
gg
gg
ii
ii
nn
nn
User must log in to auxiliary
port before use.
2960(config-line)#pp
pp
aa
aa
ss
ss
ss
ss
ww
ww
oo
oo
rr
rr
dd
dd
cc
cc
ll
ll
aa
aa
ss
ss
ss
ss
Sets the password to class.
2960(config-line)#ee
ee
xx
xx
ii
ii
tt
tt
Moves back to global
configuration mode.
2960(config)#ll
ll
ii
ii
nn
nn
ee
ee
vv
vv
tt
tt
yy
yy
00
00
11
11
55
55
Moves to configure all 16 vty
ports at the same time.
2960(config-line)#ll
ll
oo
oo
gg
gg
ii
ii
nn
nn
User must log in to vty port
before use.
2960(config-line)#pp
pp
aa
aa
ss
ss
ss
ss
ww
ww
oo
oo
rr
rr
dd
dd
cc
cc
ll
ll
aa
aa
ss
ss
ss
ss
Sets the password to class.
2960(config-line)#ee
ee
xx
xx
ii
ii
tt
tt
Moves back to global
configuration mode.
2960(config)#ii
ii
pp
pp
dd
dd
ee
ee
ff
ff
aa
aa
uu
uu
ll
ll
tt
tt
gg
gg
aa
aa
tt
tt
ee
ee
ww
ww
aa
aa
yy
yy
11
11
99
99
22
22
11
11
66
66
88
88
11
11
11
11
Sets default gateway.
2960(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
vv
vv
ll
ll
aa
aa
nn
nn
11
11
Moves to virtual interface
VLAN 1 configuration
mode.
2960(config-if)#ii
ii
pp
pp
aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss
11
11
99
99
22
22
11
11
66
66
88
88
11
11
22
22
22
22
55
55
55
55
22
22
55
55
55
55
22
22
55
55
55
55
00
00
Sets the IP address and
netmask for switch.
2960(config-if)#nn
nn
oo
oo
ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Turns the virtual interface
on.
2960(config-if)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
11
11
Moves to interface
configuration mode for
fastethernet 0/1.
Configuration Example 115
2960(config-if)#dd
dd
ee
ee
ss
ss
cc
cc
rr
rr
ii
ii
pp
pp
tt
tt
ii
ii
oo
oo
nn
nn
LL
LL
ii
ii
nn
nn
kk
kk
tt
tt
oo
oo
BB
BB
ii
ii
ss
ss
mm
mm
aa
aa
rr
rr
cc
cc
kk
kk
RR
RR
oo
oo
uu
uu
tt
tt
ee
ee
rr
rr
Sets a local description.
2960(config-if)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
44
44
Moves to interface
configuration mode for
fastethernet 0/4.
2960(config-if)#dd
dd
ee
ee
ss
ss
cc
cc
rr
rr
ii
ii
pp
pp
tt
tt
ii
ii
oo
oo
nn
nn
LL
LL
ii
ii
nn
nn
kk
kk
tt
tt
oo
oo
WW
WW
oo
oo
rr
rr
kk
kk
ss
ss
tt
tt
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
AA
AA
Sets a local description.
2960(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
Activates port security.
2960(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
mm
mm
aa
aa
xx
xx
ii
ii
mm
mm
uu
uu
mm
mm
11
11
Only one MAC address will
be allowed in the MAC
table.
2960(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
vv
vv
ii
ii
oo
oo
ll
ll
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Port will be turned off if
more than one MAC address
is reported.
2960(config-if)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
88
88
Moves to interface
configuration mode for
fastethernet 0/8.
2960(config-if)#dd
dd
ee
ee
ss
ss
cc
cc
rr
rr
ii
ii
pp
pp
tt
tt
ii
ii
oo
oo
nn
nn
LL
LL
ii
ii
nn
nn
kk
kk
tt
tt
oo
oo
WW
WW
oo
oo
rr
rr
kk
kk
ss
ss
tt
tt
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
BB
BB
Sets a local description.
2960(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
Activates port security.
2960(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
mm
mm
aa
aa
xx
xx
ii
ii
mm
mm
uu
uu
mm
mm
11
11
Only one MAC address will
be allowed in the MAC
table.
2960(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
pp
pp
oo
oo
rr
rr
tt
tt
ss
ss
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
vv
vv
ii
ii
oo
oo
ll
ll
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Port will be turned off if
more than one MAC address
is reported.
2960(config-if)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to global
configuration mode.
2960(config)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to privileged mode.
2960#cc
cc
oo
oo
pp
pp
yy
yy
rr
rr
uu
uu
nn
nn
nn
nn
ii
ii
nn
nn
gg
gg
cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
ss
ss
tt
tt
aa
aa
rr
rr
tt
tt
uu
uu
pp
pp
cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
Saves the configuration to
NVRAM.
2960#
This page intentionally left blank
CHAPTER 12
VLANs
This chapter provides information and commands concerning the following topics:
• Creating static VLANs
— Using VLAN configuration mode
— Using VLAN database mode
• Assigning ports to VLANs
• Using the range command
• Verifying VLAN information
• Saving VLAN configurations
• Erasing VLAN configurations
• Configuration example: VLANs
Creating Static VLANs
Static VLANs occur when a switch port is manually assigned by the network
administrator to belong to a VLAN. Each port is associated with a specific VLAN. By
default, all ports are originally assigned to VLAN 1. You can create VLANs in two
different ways:
• Using the VLAN configuration mode, which is the recommended way to create
VLANs
• Using the VLAN database mode (which should not be used but is still available)
Using VLAN Configuration Mode
Switch(config)#vv
vv
ll
ll
aa
aa
nn
nn
33
33
Creates VLAN 3 and enters VLAN
configuration mode for further
definitions.
Switch(config-vlan)#nn
nn
aa
aa
mm
mm
ee
ee
EE
EE
nn
nn
gg
gg
ii
ii
nn
nn
ee
ee
ee
ee
rr
rr
ii
ii
nn
nn
gg
gg
Assigns a name to the VLAN. The
length of the name can be from 1 to
32 characters.
Switch(config-vlan)#ee
ee
xx
xx
ii
ii
tt
tt
Applies changes, increases the revision
number by 1, and returns to global
configuration mode.
Switch(config)#
118 Assigning Ports to VLANs
NOTE: This method is the only way to configure extended-range VLANs (VLAN
IDs from 100 to 4094).
NOTE: Regardless of the method used to create VLANs, the VTP revision number
is increased by 1 each time a VLAN is created or changed.
Using VLAN Database Mode
CAUTION: The VLAN database mode has been deprecated and will be removed
in some future Cisco IOS Software release. It is recommended to use only VLAN
configuration mode.
NOTE: You must apply the changes to the VLAN database for the changes to take
effect. You must use either the apply command or the exit command to do so.
Using the Ç-Z command to exit out of the VLAN database does not work in this
mode because it aborts all changes made to the VLAN database—you must either
use exit or apply and then the exit command.
Assigning Ports to VLANs
Switch#vv
vv
ll
ll
aa
aa
nn
nn
dd
dd
aa
aa
tt
tt
aa
aa
bb
bb
aa
aa
ss
ss
ee
ee
Enters VLAN database mode.
Switch(vlan)#vv
vv
ll
ll
aa
aa
nn
nn
44
44
nn
nn
aa
aa
mm
mm
ee
ee
SS
SS
aa
aa
ll
ll
ee
ee
ss
ss
Creates VLAN 4 and names it Sales.
The length of the name can be from 1 to
32 characters.
Switch(vlan)#vv
vv
ll
ll
aa
aa
nn
nn
11
11
00
00
Creates VLAN 10 and gives it a name of
VLAN0010 as a default.
Switch(vlan)#aa
aa
pp
pp
pp
pp
ll
ll
yy
yy
Applies changes to the VLAN database and
increases the revision number by 1.
Switch(vlan)#ee
ee
xx
xx
ii
ii
tt
tt
Applies changes to the VLAN database,
increases the revision number by 1, and exits
VLAN database mode.
Switch#
Switch(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee
ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt
00
00
//
//
11
11
Moves to interface
configuration mode
Switch(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
mm
mm
oo
oo
dd
dd
ee
ee
aa
aa
cc
cc
cc
cc
ee
ee
ss
ss
ss
ss
Sets the port to access mode
Switch(config-if)#ss
ss
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
pp
pp
oo
oo
rr
rr
tt
tt
aa
aa
cc
cc
cc
cc
ee
ee
ss
ss
ss
ss
vv
vv
ll
ll
aa
aa
nn
nn
11
11
00
00
Assigns this port to VLAN 10
